openssl: Use correct buffer sizes for error messages

Closes #844
author: Michael Kaufmann <mail@michael-kaufmann.ch> 2016-05-31 16:25:56 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2016-05-31 19:52:45 +0200
commit: 7108e53fb58a194df54149e3a52c7df006f24ae7 (patch)
tree: 857b47b6487702d35d9a886ed8c61124342c2f72
parent: 6dbc23cfd86bbf8c1616759068a5909ced3dcc99 (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 592bea5ff..fc1517864 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -930,8 +930,8 @@ int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
   int retval = 0;
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   struct SessionHandle *data = conn->data;
-  char buf[120]; /* We will use this for the OpenSSL error buffer, so it has
-                    to be at least 120 bytes long. */
+  char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
+                    to be at least 256 bytes long. */
   unsigned long sslerror;
   ssize_t nread;
   int buffsize;
@@ -980,7 +980,7 @@ int Curl_ossl_shutdown(struct connectdata *conn, int sockindex)
           /* openssl/ssl.h says "look at error stack/return value/errno" */
           sslerror = ERR_get_error();
           failf(conn->data, OSSL_PACKAGE " SSL read: %s, errno %d",
-                ERR_error_string(sslerror, buf),
+                SSL_strerror(sslerror, buf, sizeof(buf)),
                 SOCKERRNO);
           done = 1;
           break;
@@ -3012,7 +3012,7 @@ static ssize_t ossl_send(struct connectdata *conn,
   /* SSL_write() is said to return 'int' while write() and send() returns
      'size_t' */
   int err;
-  char error_buffer[120]; /* OpenSSL documents that this must be at least 120
+  char error_buffer[256]; /* OpenSSL documents that this must be at least 256
                              bytes long. */
   unsigned long sslerror;
   int memlen;
@@ -3044,7 +3044,7 @@ static ssize_t ossl_send(struct connectdata *conn,
           The OpenSSL error queue contains more information on the error. */
       sslerror = ERR_get_error();
       failf(conn->data, "SSL_write() error: %s",
-            ERR_error_string(sslerror, error_buffer));
+            SSL_strerror(sslerror, error_buffer, sizeof(error_buffer)));
       *curlcode = CURLE_SEND_ERROR;
       return -1;
     }
@@ -3063,8 +3063,8 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
                          size_t buffersize,        /* max amount to read */
                          CURLcode *curlcode)
 {
-  char error_buffer[120]; /* OpenSSL documents that this must be at
-                             least 120 bytes long. */
+  char error_buffer[256]; /* OpenSSL documents that this must be at
+                             least 256 bytes long. */
   unsigned long sslerror;
   ssize_t nread;
   int buffsize;
@@ -3095,7 +3095,7 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */
         /* If the return code was negative or there actually is an error in the
            queue */
         failf(conn->data, "SSL read: %s, errno %d",
-              ERR_error_string(sslerror, error_buffer),
+              SSL_strerror(sslerror, error_buffer, sizeof(error_buffer)),
               SOCKERRNO);
         *curlcode = CURLE_RECV_ERROR;
         return -1;
author	Michael Kaufmann <mail@michael-kaufmann.ch>	2016-05-31 16:25:56 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2016-05-31 19:52:45 +0200
commit	7108e53fb58a194df54149e3a52c7df006f24ae7 (patch)
tree	857b47b6487702d35d9a886ed8c61124342c2f72
parent	6dbc23cfd86bbf8c1616759068a5909ced3dcc99 (diff)